from flask import Flask,jsonify,request,Blueprint,session
from common.res import (getRes,getErrorRes,getSuccessRes,getDataRes)
from common.sqlInjectionSecurity import sqlEscape,sqlEscapeField
from DAL.rightDAL import usersDAL
from controller.permissionAttr import islog

right = Blueprint('right',__name__)

@right.route("/users/getlist",methods=['POST'])
@islog
def users_getlist():
    param = {
        'account': request.form.get('account') and sqlEscape(request.form.get('account')) or "",
        'state': request.form.get('state') and sqlEscape(request.form.get('state')) or None,
        'is_admin': request.form.get('is_admin') and sqlEscape(request.form.get('is_admin')) or None,
        'page': request.form.get('page') and sqlEscape(request.form.get('page')) or 1,
        'limit': request.form.get('limit') and sqlEscape(request.form.get('limit')) or 20,
        'filed': request.form.get('filed') and sqlEscape(request.form.get('filed')) or 'id',
        'sort': request.form.get('sort') and sqlEscape(request.form.get('sort')) or 'ascending'
          }
    dal = usersDAL()
    data,count = dal.getList(**param)
    if data:
        res = getSuccessRes(data=data,count=count)
    else:
        res = getSuccessRes(data=[], count=count)
    return jsonify(res)

@right.route("/users/reset_pwd",methods=['POST'])
@islog
def reset_pwd():
    param = {
        'id': request.form.get('id') or None,
        'old_password': request.form.get('old_password') and sqlEscape(request.form.get('old_password')) or '',
        'password': request.form.get('password') and sqlEscape(request.form.get('password')) or ''
    }
    if not param['id']:
        res = getErrorRes("你输入的参数有错！")
        return jsonify(res)

    dal = usersDAL()
    data = dal.resetPWD(**param)
    res = getSuccessRes(data=data)
    return jsonify(res)
@right.route("/users/init_pwd",methods=['POST'])
@islog
def init_pwd():
    param = {
        'id': request.form.get('id') or None,
        'password': request.form.get('password') and sqlEscape(request.form.get('password')) or ''
    }
    if not param['id']:
        res = getErrorRes("你输入的参数有错！")
        return jsonify(res)

    dal = usersDAL()
    data = dal.initPWD(**param)
    res = getSuccessRes(data=data)
    return jsonify(res)

@right.route("/users/remove_by_id",methods=['POST'])
@islog
def remove_by_id():
    param = {
        'id': request.form.get('id') or None
    }
    if not param['id']:
        res = getErrorRes("你输入的参数有错！")
        return jsonify(res)

    dal = usersDAL()
    data = dal.removeById(**param)
    res = getSuccessRes(data=data)
    return jsonify(res)
@right.route("/users/recovery",methods=['POST'])
@islog
def recovery():
    param = {
        'id': request.form.get('id') or None
    }
    if not param['id']:
        res = getErrorRes("你输入的参数有错！")
        return jsonify(res)

    dal = usersDAL()
    data = dal.recovery(**param)
    res = getSuccessRes(data=data)
    return jsonify(res)
@right.route("/users/add",methods=['POST'])
@islog
def add():
    param = {
    'account': request.form.get('account') and sqlEscape(request.form.get('account')) or '',
    'password': request.form.get('password') and sqlEscape(request.form.get('password')) or ''
    }
    if not param['account']:
        res = getErrorRes("你输入的参数有错！")
        return jsonify(res)

    dal = usersDAL()
    data = dal.add(**param)
    res = getSuccessRes(data=data)
    return jsonify(res)

@right.route("/users/getModuleIdByUser",methods=['POST'])
@islog
def getModuleIdByUser():
    param = {
        'user_id': request.form.get('user_id') and sqlEscape(request.form.get('user_id')) or None,
    }
    if not param['user_id']:
        res = getErrorRes("参数有误！")
        return jsonify(res)

    dal = usersDAL()
    data = dal.getModuleIdByUser(user_id=param['user_id'])
    res = getSuccessRes(data=data)
    return jsonify(res)

@right.route("/users/bindModule",methods=['POST'])
@islog
def bindModule():
    param = {
        'user_id': request.form.get('user_id') and sqlEscape(request.form.get('user_id')) or None,
        'module_ids': request.form.get('module_ids') and sqlEscape(request.form.get('module_ids')) or "",
    }
    if not param['user_id']:
        res = getErrorRes("参数有误！")
        return jsonify(res)
    if param['module_ids']:
        param['module_ids'] = param['module_ids'].split(',')
    else:
        param['module_ids'] = []
    dal = usersDAL()
    data = dal.bindModule(**param)
    res = getSuccessRes(data=data)
    return jsonify(res)

@right.route("/users/existAccount",methods=['POST'])
@islog
def existAccount():
    param = {
    'account': request.form.get('account') and sqlEscape(request.form.get('account')) or ''
    }
    if not param['account']:
        res = getErrorRes("你输入的参数有错！")
        return jsonify(res)

    dal = usersDAL()
    data = dal.existAccount(**param)
    res = getSuccessRes(data=data)
    return jsonify(res)

@right.route("/users/getRoleIdByUser",methods=['POST'])
@islog
def getRoleIdByUser():
    param = {
        'user_id': request.form.get('user_id') and sqlEscape(request.form.get('user_id')) or None,
    }
    if not param['user_id']:
        res = getErrorRes("参数有误！")
        return jsonify(res)

    dal = usersDAL()
    data = dal.getRoleIdByUser(user_id=param['user_id'])
    res = getSuccessRes(data=data)
    return jsonify(res)

@right.route("/users/bindRoles",methods=['POST'])
@islog
def bindRoles():
    param = {
        'user_id': request.form.get('user_id') and sqlEscape(request.form.get('user_id')) or None,
        'role_ids': request.form.get('role_ids') and sqlEscape(request.form.get('role_ids')) or "",
    }
    if not param['user_id']:
        res = getErrorRes("参数有误！")
        return jsonify(res)
    if param['role_ids']:
        param['role_ids'] = param['role_ids'].split(',')
    else:
        param['role_ids'] = []
    dal = usersDAL()
    data = dal.bindRoles(**param)
    res = getSuccessRes(data=data)
    return jsonify(res)